IDS (Intrusion Detection Systems)

Hello all,
For those of you that are familiar with IDS (Intrusion Detection Systems): I know the concept, but I was wondering if any of you know a site or tutorial on how to program basic IDS software. Or any open source project!
Thanks


Basically an IDS is a pattern matching engine:
you capture data from the interface (promiscuously)
and then run the data through a pattern matching algorithm.
Limitations to this approach are usually around complex rules, and these systems, unless very well written, can be fooled by obscuring data (using Unicode, for example).

Open source utilities such as Snort are very good.

There are a number of others, such as Prelude.

If you want to see how these work, or get an insight into the process of detection, play with some open source sniffers like Analyzer or Ethereal, set some capture rules - and voila - you have the ability to produce rather crude (but educational) rules.

If you are uninterested in the history and want to do something similar on a WINTEL platform, get Snort and IDScenter (Windows front-end).
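The pattern matching and the "obscuring data" limitation described above, as an added example that is not part of the original thread: a naive byte matcher next to one that normalizes the payload first. The rule ids, patterns and sample requests are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote_to_bytes

# Hypothetical signature set: (rule id, lowercase substring to look for).
SIGNATURES = [(1001, "/etc/passwd"), (1002, "../")]

def match_raw(payload):
    """Naive 'packet grep': search the bytes exactly as captured."""
    return [sid for sid, pat in SIGNATURES if pat.encode() in payload]

def normalize(payload):
    """Undo common encoding layers so rules see what the server would see."""
    data = payload
    for _ in range(3):  # bounded loop also unwinds double percent-encoding
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    text = data.decode("utf-8", errors="replace")
    # NFKC folds compatibility forms (e.g. fullwidth slash U+FF0F) to ASCII.
    return unicodedata.normalize("NFKC", text).lower()

def match_normalized(payload):
    text = normalize(payload)
    return [sid for sid, pat in SIGNATURES if pat in text]

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "plain": b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.0\r\n\r\n",
    "percent": b"GET /cgi-bin/view?f=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0\r\n\r\n",
    "fullwidth": "GET /cgi-bin/view?f=..\uff0f..\uff0fetc\uff0fpasswd HTTP/1.0\r\n\r\n".encode("utf-8"),
    "benign": b"GET /index.html HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:10} raw={match_raw(payload)} normalized={match_normalized(payload)}")
```

The normalization steps should mirror what the protected application actually decodes; folding more than the server does trades missed alerts for false positives.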

To append to festive's comment: it is important to note that not all IDSs rely on network data. Some IDSs analyze audit logs or compare observed user behavior (perhaps including network data) to profiles of normal user behavior, looking for suspicious activity.

Also, some on-the-fly network-based IDSs do more than "packet grepping" for malicious strings. Oftentimes they search for anomalies such as an outgoing TCP connection from a machine that should never need to do such a thing.

As for projects to look into, as mentioned earlier snort.org is definitely a good place to check out. Also, take a look at this page of ID papers compiled (and in some cases written) by a grad student at RPI:
